CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6200 – Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-6200
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. Se encontró una condición de ejecución en el kernel de Linux. Bajo ciertas condiciones, un atacante no autenticado de una red adyacente podría enviar un paquete de publicidad de enrutador ICMPv6, provocando la ejecución de código arbitrario. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-6200 https://bugzilla.redhat.com/show_bug.cgi?id=2250377 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22099 – NULL pointer deference in rfcomm_check_security in Linux kernel
https://notcve.org/view.php?id=CVE-2024-22099
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2. Vulnerabilidad de desreferencia de puntero NULL en el kernel de Linux en Linux, x86, ARM (módulos de red, bluetooth) permite desbordamiento de búferes. Esta vulnerabilidad está asociada con los archivos de programa /net/bluetooth/rfcomm/core.C. Este problema afecta al kernel de Linux: v2.6.12-rc2. • https://bugzilla.openanolis.cn/show_bug.cgi?id=7956 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51043 – kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c
https://notcve.org/view.php?id=CVE-2023-51043
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. En el kernel de Linux anterior a 6.4.5, drivers/gpu/drm/drm_atomic.c tiene un use-after-free durante una condición de ejecución entre un commit atómico sin bloqueo y una descarga del controlador. A flaw was found in the Linux kernel Direct Rendering Infrastructure (DRI) subsystem in which a use-after-free can be caused when a user triggers a race condition between a nonblocking atomic commit and a driver unload. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.5 https://github.com/torvalds/linux/commit/4e076c73e4f6e90816b30fcd4a0d7ab365087255 https://access.redhat.com/security/cve/CVE-2023-51043 https://bugzilla.redhat.com/show_bug.cgi?id=2260005 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51042 – kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
https://notcve.org/view.php?id=CVE-2023-51042
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. En el kernel de Linux anterior a 6.4.12, amdgpu_cs_wait_all_fences en drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c tiene una barrera de use-after-free. A use-after-free flaw was found in the Linux kernel's AMD GPU driver which may allow access to members of a synchronization structure after the structure is freed. This issue could allow a local user to crash the system or to access confidential system memory. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12 https://github.com/torvalds/linux/commit/2e54154b9f27262efd0cb4f903cc7d5ad1fe9628 https://access.redhat.com/security/cve/CVE-2023-51042 https://bugzilla.redhat.com/show_bug.cgi?id=2259866 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23849
https://notcve.org/view.php?id=CVE-2024-23849
In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. En rds_recv_track_latency en net/rds/af_rds.c en el kernel de Linux hasta 6.7.1, hay un error uno por uno para una comparación RDS_MSG_RX_DGRAM_TRACE_MAX, lo que resulta en un acceso fuera de los límites. • https://bugzilla.suse.com/show_bug.cgi?id=1219127 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13e788deb7348cc88df34bed736c3b3b9927ea52 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LB • CWE-193: Off-by-one Error •